Today, I got a couple of emails from a textbook company. These messages had been coming with regularity every few days, and although I know the company, these particular messages are outside my area of interest. Tired of getting irrelevant messages, I scrolled to the bottom of the page and found the “unsubscribe” link. Upon clicking the link, my browser immediately sprang into action. But instead of getting the expected “We’re sorry to see you go” text on the page, I got a message saying “This site can’t be reached” and citing a DNS error.

I tried several times, each time getting the same response (none). After my initial irritation, I just changed my email settings to mark future messages from the company as spam. Since I’m familiar with this particular company, I chalked it up to somebody not doing their job with checking to make sure the links actually work, as opposed to an intentional act of deception.

If you’re one of the world’s 3.7 billion email users (according to the Radicati Group), you probably get messages every day you don’t want. That’s part of doing everyday business, and most users just delete unwanted messages, send them to the “spam” folder or report them to the service provider. But companies can get into serious trouble if they don’t provide a (working) way to honor recipients’ requests for removal.

The CAN-SPAM Act of 2003 governs how companies handle commercial email solicitations. The Federal Trade Commission holds the primary responsibility for enforcing the act, as well as administering fines for violations (which can cost businesses thousands of dollars for each separate violation of the act). Specifically, CAN-SPAM requires that businesses avoid false or misleading headers or subject lines, disclose when a message is trying to sell something and tell recipients where to find the company. But the most well-known portions of CAN-SPAM have to do with handling requests to be removed from mailing lists.

The FTC provides some guidance in its Compliance Guide for Business. Specifically, the document advises companies, “You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.”

In addition, requests have to be clear and conspicuous, and although you may direct users to a page where they can select their preferences, it must include an option to opt out of receiving any more messages from you. Requests must be handled promptly and honored within 10 business days. And once you’re notified, you can’t “sell or transfer” the recipient’s email address to another entity (unless you can show you’re hiring the other company to help with compliance with the law).

Computer security experts often get asked whether it really does any good (or whether it’s risky) to click “unsubscribe” links. Most experts agree that law-abiding companies that care about their reputations are going to comply. However, it’s also clear that much email traffic is unsolicited (spam) email that tries to hook you with scams and ripoffs, or that comes from senders who want you to click a web link so they can steal your identity or install malware on your computer. Such entities aren’t likely to honor your requests to be removed, and clicking their links may actually make you get more spam.

Bottom line: exercise caution in clicking on any links in an unsolicited email, or opening it at all. If in doubt, just delete it, especially if it comes with an attachment. If a sender messages you frequently, report the messages as spam to your Internet Service Provider, and use your email client’s rules feature to snare them before they even reach your inbox. After all, the best unwanted message is the one you never see.